CVE-2008-3794
Published: 26 August 2008
Integer signedness error in the mms_ReceiveCommand function in modules/access/mms/mmstu.c in VLC Media Player 0.8.6i allows remote attackers to execute arbitrary code via a crafted mmst link with a negative size value, which bypasses a size check and triggers an integer overflow followed by a heap-based buffer overflow.
Notes
Author | Note |
---|---|
mdeslaur | PoC: http://www.milw0rm.com/exploits/6293 |
Priority
Status
Package | Release | Status |
---|---|---|
vlc Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
feisty |
Ignored
(end of life, was needed)
|
|
gutsy |
Ignored
(end of life, was needed)
|
|
hardy |
Released
(0.8.6.release.e+x264svn20071224+faad2.6.1-0ubuntu3.2)
|
|
intrepid |
Not vulnerable
(0.9.4-1ubuntu3.1)
|
|
jaunty |
Not vulnerable
(0.9.9a-2ubuntu1)
|
|
karmic |
Not vulnerable
(1.0.0~rc2-1ubuntu1)
|
|
upstream |
Needs triage
|
|
Patches: upstream: http://git.videolan.org/?p=vlc.git;a=commit;h=afe3464a1c7c6f9d7640a3f5db17010c34212440 |